Package deploy tokens front end

Update deploy tokens front end and controllers to allow package read and write deploy token scopes.

Package deploy tokens front end
Update deploy tokens front end and controllers to allow package read and write deploy token scopes.
8dc41b75 · Steve Abrams · ccd3b3fe · 8dc41b75 · 8dc41b75 · 8dc41b75
Commit 8dc41b75 authored Apr 11, 2020 by Steve Abrams
10 changed files
--- a/app/controllers/groups/settings/repository_controller.rb
+++ b/app/controllers/groups/settings/repository_controller.rb
@@ -46,7 +46,7 @@ module Groups
      end
      def deploy_token_params
-        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username)
+        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :read_package_registry, :write_package_registry, :username)
      end
    end
  end

--- a/app/controllers/projects/settings/repository_controller.rb
+++ b/app/controllers/projects/settings/repository_controller.rb
@@ -89,7 +89,7 @@ module Projects
      end
      def deploy_token_params
-        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username)
+        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :read_package_registry, :write_package_registry, :username)
      end
      def access_levels_options

--- a/app/views/groups/settings/repository/show.html.haml
+++ b/app/views/groups/settings/repository/show.html.haml
 - breadcrumb_title _('Repository Settings')
 - page_title _('Repository')
- deploy_token_description = s_('DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group.')
+- deploy_token_description = s_('DeployTokens|Group deploy tokens allow access to the packages, repositories, and registry images within the group.')
 = render "shared/deploy_tokens/index", group_or_project: @group, description: deploy_token_description
--- a/app/views/projects/settings/repository/show.html.haml
+++ b/app/views/projects/settings/repository/show.html.haml
 - breadcrumb_title _("Repository Settings")
 - page_title _("Repository")
 - @content_class = "limit-container-width" unless fluid_layout
- deploy_token_description = s_('DeployTokens|Deploy tokens allow access to your repository and registry images.')
+- deploy_token_description = s_('DeployTokens|Deploy tokens allow access to packages, your repository, and registry images.')
 = render "projects/default_branch/show"
 = render_if_exists "projects/push_rules/index"

--- a/app/views/shared/deploy_tokens/_form.html.haml
+++ b/app/views/shared/deploy_tokens/_form.html.haml
@@ -35,5 +35,15 @@
        = label_tag ("deploy_token_write_registry"), 'write_registry', class: 'label-bold form-check-label'
        .text-secondary= s_('DeployTokens|Allows write access to the registry images')
+      %fieldset.form-group.form-check
+        = f.check_box :read_package_registry, class: 'form-check-input'
+        = label_tag ("deploy_token_read_package_registry"), 'read_package_registry', class: 'label-bold form-check-label'
+        .text-secondary= s_('DeployTokens|Allows read access to the package registry')
+      %fieldset.form-group.form-check
+        = f.check_box :write_package_registry, class: 'form-check-input'
+        = label_tag ("deploy_token_write_package_registry"), 'write_package_registry', class: 'label-bold form-check-label'
+        .text-secondary= s_('DeployTokens|Allows write access to the package registry')
  .prepend-top-default
    = f.submit s_('DeployTokens|Create deploy token'), class: 'btn btn-success qa-create-deploy-token'
--- a/changelogs/unreleased/package-deploy-tokens-fe.yml
+++ b/changelogs/unreleased/package-deploy-tokens-fe.yml
+---
+title: Add read and write package registry scopes to deploy tokens
+merge_request: 31267
+author:
+type: added
--- a/doc/api/deploy_tokens.md
+++ b/doc/api/deploy_tokens.md
@@ -92,7 +92,7 @@ POST /projects/:id/deploy_tokens
 | `name`            | string    | yes | New deploy token's name |
 | `expires_at`      | datetime  | no  | Expiration date for the deploy token. Does not expire if no value is provided. |
 | `username`        | string    | no  | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
-| `scopes`   | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, or `write_registry`. |
+| `scopes`   | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, `write_registry`, `read_package_registry`, or `write_package_registry`. |
 ```shell
 curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --header "Content-Type: application/json" --data '{"name": "My deploy token", "expires_at": "2021-01-01", "username": "custom-user", "scopes": ["read_repository"]}' "https://gitlab.example.com/api/v4/projects/5/deploy_tokens/"
@@ -193,7 +193,7 @@ POST /groups/:id/deploy_tokens
 | `name`            | string    | yes | New deploy token's name |
 | `expires_at`      | datetime  | no  | Expiration date for the deploy token. Does not expire if no value is provided. |
 | `username`        | string    | no  | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
-| `scopes`   | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, or `write_registry`. |
+| `scopes`   | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, `write_registry`, `read_package_registry`, or `write_package_registry`. |
 Example request:

--- a/doc/user/project/deploy_tokens/index.md
+++ b/doc/user/project/deploy_tokens/index.md
@@ -4,8 +4,9 @@
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/issues/199370) from **Settings > Repository** in GitLab 12.9.
 > - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10.
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI / CD** in GitLab 12.10.1.
+> - [Added package registry scopes](https://gitlab.com/gitlab-org/gitlab/-/issues/213566) from **Settings > CI / CD** in GitLab 13.0.
-Deploy tokens allow you to download (`git clone`) or push and pull the container registry images of a project without having a user and a password.
+Deploy tokens allow you to download (`git clone`) or push and pull packages and container registry images of a project without having a user and a password.
 Deploy tokens can be managed by [maintainers only](../../permissions.md).
@@ -101,6 +102,22 @@ To push the container registry images, you'll need to:
 Just replace `<username>` and `<deploy_token>` with the proper values. Then you can simply
 push images to your Container Registry.
+### Read or pull packages
+To pull packages in the GitLab package registry, you'll need to:
+1. Create a Deploy Token with `read_package_registry` as a scope.
+1. Take note of your `username` and `token`.
+1. For the [package type of your choice](./../../packages/index.md), follow the authentication instructions for deploy tokens.
+### Push or upload packages
+To upload packages in the GitLab package registry, you'll need to:
+1. Create a Deploy Token with `write_package_registry` as a scope.
+1. Take note of your `username` and `token`.
+1. For the [package type of your choice](./../../packages/index.md), follow the authentication instructions for deploy tokens.
 ### Group Deploy Token
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21765) in GitLab 12.9.

--- a/lib/api/deploy_tokens.rb
+++ b/lib/api/deploy_tokens.rb
@@ -11,6 +11,8 @@ module API
        result_hash = Hashie::Mash.new
        result_hash[:read_registry] = scopes.include?('read_registry')
        result_hash[:write_registry] = scopes.include?('write_registry')
+        result_hash[:read_package_registry] = scopes.include?('read_package_registry')
+        result_hash[:write_package_registry] = scopes.include?('write_package_registry')
        result_hash[:read_repository] = scopes.include?('read_repository')
        result_hash
      end
@@ -55,7 +57,7 @@ module API
      params do
        requires :name, type: String, desc: "New deploy token's name"
        requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
-          desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", or "write_registry".'
+          desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
        optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
        optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
      end
@@ -118,7 +120,7 @@ module API
      params do
        requires :name, type: String, desc: 'The name of the deploy token'
        requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
-          desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", or "write_registry".'
+          desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
        optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
        optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
      end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -7056,12 +7056,18 @@ msgstr ""
 msgid "DeployTokens|Add a deploy token"
 msgstr ""
+msgid "DeployTokens|Allows read access to the package registry"
+msgstr ""
 msgid "DeployTokens|Allows read-only access to the registry images"
 msgstr ""
 msgid "DeployTokens|Allows read-only access to the repository"
 msgstr ""
+msgid "DeployTokens|Allows write access to the package registry"
+msgstr ""
 msgid "DeployTokens|Allows write access to the registry images"
 msgstr ""
@@ -7083,13 +7089,13 @@ msgstr ""
 msgid "DeployTokens|Deploy Tokens"
 msgstr ""
-msgid "DeployTokens|Deploy tokens allow access to your repository and registry images."
+msgid "DeployTokens|Deploy tokens allow access to packages, your repository, and registry images."
 msgstr ""
 msgid "DeployTokens|Expires"
 msgstr ""
-msgid "DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group."
+msgid "DeployTokens|Group deploy tokens allow access to the packages, repositories, and registry images within the group."
 msgstr ""
 msgid "DeployTokens|Name"